The rampant digital extortion facilitated by ransomware in 2017 will continue next year, with healthcare and industrial systems expected to be new prime targets

The tidal wave of ransomware attacks this year has ruthlessly cast the spotlight on gaps and lapses in cyber security, crippling some organisations and causing significant financial losses in others.

“Ransomware is not new, having first been identified in 2009, but it is growing at a high triple-digit growth rate,” said Sherrel Roche, senior market analyst for services research at IDC Asia-Pacific.

Ransomware poses one of the biggest cyber security threats today, as it encrypts data on a system or network until a ransom is paid. The top ransomware attacks this year were WannaCry, Petya, Bad Rabbit, Lokibot, CryptoWall, Jaff, Cerber and TorrentLocker.

“WannaCry’s three-stage attack – penetration, deployment and crypto – accounted for more than 45% of all ransomware intercepted by Sophos between April and October of 2017,” said Sumit Bansal, director of ASEAN and Korea at Sophos.

As the unprecedented attack had exploited the Microsoft Windows EternalBlue vulnerability, for which a patch was available two months ahead of the attack, some organisations that fell prey to the attack were criticised for not taking cyber security more seriously.

The onslaught of ransomware showed no signs of abating. Shortly after WannaCry, the following month saw an outbreak of the NotPetya ransomware that disrupted organisations such as Maersk. NotPetya seemed more dangerous and intrusive, encrypting entire hard disks instead of individual files and applications in the case of WannaCry.

But that was not all. In October 2017, the Bad Rabbit ransomware, which employs a similar modus operandi as WannaCry and Petya, surfaced, mainly infecting machines in Russia and Ukraine, as well as those in Germany, Turkey, Poland and South Korea.

The ASEAN region fared relatively well, experiencing fewer ransomware attacks compared with the US, according to Sophos’ Bansal. For example, while the US had a 17.2% ransomware circulation rate between April 1 and October 3, Singapore saw the highest activity with 6.5%, followed by Indonesia (5.3%), Malaysia (2.7%) and the Philippines (1.9%).

The highly profitable nature of ransomware attacks has spawned rise of ransomware-as-a-service that puts ransomware into the hands of criminals with minimal technical knowledge.

Linda Chua, market analyst for software at IDC Malaysia, attributed the surge in ransomware attacks to the rise of ransomware-as-a-service, through which malware such as Cerber have emerged.

Bansal said Cerber is one of the most prolific ransomware around because it is constantly being improved. “With ransomware being such a well-paying business, its authors are developing more features, like robust encryption and antivirus evasion techniques.”

Prime targets in 2018

Against the backdrop of growing ransomware attacks, experts are now warning that healthcare and industrial systems could be the next big targets for cyber criminals in 2018.

Attacks targeted at the healthcare sector could involve data encryption as well as device blocking. Connected medical equipment is often expensive and sometimes life-critical, making them prime targets for cyber attacks and extortion.

“The WannaCry and ExPetr attacks taught both security experts and cyber criminals that operational technology (OT) systems can be even more vulnerable to such attacks than IT systems,” said Sylvia Ng, general manager at Kaspersky Lab in Southeast Asia.

“This is because ‘firefighting’ in the case of OT is much more difficult, and industrial companies have demonstrated how poorly organised and inefficient their staff can be when it comes to cyber attacks on their OT infrastructure.”

As with the WannaCry attack and its variants, cyber criminals will continue to demand ransoms in cryptocurrency, because of the unregulated and almost anonymous nature of the cryptocurrency market.

Although 2017 saw the biggest ransomware attacks affecting Windows users, 2018 may see an explosion of Android malware, as well as malware targeting Apple computers, said Bansal.

Start the conversation

0 comments

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.